package com.vtech.spring.security;

import com.vtech.spring.model.User;
import com.vtech.spring.service.UserService;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;

/**
 * TODO
 *
 * @author houzhiwei
 * @date 2018/6/9 22:32
 */
public class DbRealm extends AuthorizingRealm {
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        return null;
    }

    @Autowired
    UserService userService;

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        // 一般采用 UsernamePasswordToken 传递用户凭证
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        String name = token.getUsername();
        String password = new String(token.getPassword());

        // 应用中应该根据username，从数据库中查询获得
        User user = new User();
        user.setId(1L);
        user.setPassword("11111");
        user.setUsername("hhhhh");
        // 提交验证
        SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user, password, getName());
        return info;
    }
}
